Lucene search
Veracode Vulnerability DatabaseVERACODE:19567HistoryMay 16, 2019 - 3:19 a.m.
Denial Of Service (DoS)
2019-05-1603:19:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.006 Low
EPSS
Percentile
77.7%
curl is vulnerable to denial of service (DoS) attacks. This is because the libcurl does not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker could send a specially crafted FTP URL to an application could write a NULL byte at an arbitrary location resulting in an application crash.
References
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:3157
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1510247
bugzilla.redhat.com/show_bug.cgi?id=1542256
bugzilla.redhat.com/show_bug.cgi?id=1610998
Related
cve
cve
CVE-2018-1000120
2018-03-14 18:29:00
osv
osv
curl FTP path confusion leads to NIL byte out of bounds write
2022-05-14 00:58:02
CVE-2018-1000120
2018-03-14 18:29:00
curl - security update
2018-03-18 00:00:00
redhatcve
redhatcve
CVE-2018-1000120
2018-03-14 07:49:14
f5
f5
K22052524 : cURL and libcurl vulnerability CVE-2018-1000120
2018-04-13 00:00:00
ubuntucve
ubuntucve
CVE-2018-1000120
2018-03-14 00:00:00
github
github
curl FTP path confusion leads to NIL byte out of bounds write
2022-05-14 00:58:02
alpinelinux
alpinelinux
CVE-2018-1000120
2018-03-14 18:29:00
cvelist
cvelist
CVE-2018-1000120
2018-03-14 18:00:00
prion
prion
Buffer overflow
2018-03-14 18:29:00
nvd
nvd
CVE-2018-1000120
2018-03-14 18:29:00
debiancve
debiancve
CVE-2018-1000120
2018-03-14 18:29:00
nessus
nessus
Photon OS 1.0: Curl PHSA-2018-1.0-0124 (deprecated)
2018-08-17 00:00:00
Fedora 27 : curl (2018-8877b4ccac)
2018-03-21 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : curl vulnerabilities (USN-3598-1)
2018-03-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1109)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1323-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0769-1)
2021-06-09 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2018-03-15 00:00:00
curl vulnerabilities
2018-05-24 00:00:00
archlinux
archlinux
[ASA-201803-20] lib32-libcurl-gnutls: multiple issues
2018-03-19 00:00:00
[ASA-201803-15] curl: multiple issues
2018-03-19 00:00:00
[ASA-201803-18] lib32-libcurl-compat: multiple issues
2018-03-19 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: curl-7.55.1-10.fc27
2018-03-20 18:26:44
[SECURITY] Fedora 26 Update: curl-7.53.1-16.fc26
2018-03-20 17:38:42
[SECURITY] Fedora 28 Update: curl-7.59.0-2.fc28
2018-03-30 13:33:07
debian
debian
[SECURITY] [DLA 1309-1] curl security update
2018-03-18 21:22:09
[SECURITY] [DSA 4136-1] curl security update
2018-03-14 21:36:51
amazon
amazon
ibm
ibm
cloudfoundry
cloudfoundry
USN-3598-1: curl vulnerabilities | Cloud Foundry
2018-04-04 00:00:00
slackware
slackware
[slackware-security] curl
2018-03-16 04:18:28
photon
photon
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.59.0-alt1
2018-03-31 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2018-04-08 00:00:00
oraclelinux
oraclelinux
curl and nss-pem security and bug fix update
2018-11-05 00:00:00
centos
centos
curl, libcurl, nss security update
2018-11-15 18:44:09
redhat
redhat
(RHSA-2020:0594) Moderate: curl security update
2020-02-25 11:32:48
(RHSA-2020:0544) Moderate: curl security update
2020-02-18 13:56:21
(RHSA-2018:3157) Moderate: curl and nss-pem security and bug fix update
2018-10-30 04:24:21
mageia
mageia
Updated curl packages fix security vulnerabilities
2018-10-30 21:01:43
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00